Today we’re concluding our tour of the AtlasCamp 2010 videos with three great talks: Big Module Plugins; Securing Your Plugin; and Using Advanced Javascript in Atlassian Plugins. Last week we saw videos on marketing a commercial plugin, performance for Jira plugins, and the Atlassian Platform. Happy holidays, and see you at AtlasCamp 2011! Details aren’t planned yet, but follow @atlascamp to get updates.

Big Modular Plugins – John Kodumal

John shows how to create modular Atlassian plugins, or plugins that are imported, depended on, and required by other plugins. Highlights include:

  • Plugins can use Java libraries for shared and extended functionality
  • Plugins can talk to other plugins with component-import
  • Custom permissions provide control for plugin integration with

Securing Your Plugin – Penny Wyatt

Penny gives a comprehensive view of potential Atlassian plugin vulnerabilities and security, providing examples and solutions to each possible vulnerability. Highlights include:

  • Use HTML encoding whenever displaying user data to avoid XSS hacks. Atlassian products provide functions for HTML encoding
  • XSRF vulnerabilities are also possible, avoidable by using limited-duration tokens issued by the server
  • Confluence has a WebSudo mode, which requires an administrative password to perform an action
  • Files can be executed and modified, so be sure to limit administrators and users to isolated directories on the server
  • Use for secure random number generation

Needs More jQuery: Using Advanced Javascript in Atlassian Plugins – Zach Davis

Zach talks about user interface development in Atlassian plugins, specifically recommending AUI as the best approach. He also shows us why Atlassian chose jQuery for a Javascript framework. Highlights include:

  • The Atlassian User Interface (AUI) is based on jQuery
  • AUI allows a plugin developer to create consistent UI components: dropdowns, toolbars, dialogs, and more
  • AUI provides functions for keyboard shortcuts
  • Learn more about AUI with the Atlassian User Interface Documentation

AtlasCamp 2010: Modular Plugins, Plugin Security, Advanced Javascript